Legal
Privacy Policy
Effective 2026-05-28. Published in parallel with the Japanese version; both versions are equally authentic, and neither prevails over the other in case of inconsistency. Last updated 2026-07-02.
This policy describes how Sisu Software OY ("we") — the operator of the TabiTots service ("TabiTots") — collects, uses, shares, and protects personal information. We process personal information of users in Japan in accordance with Japan's Act on the Protection of Personal Information (個人情報の保護に関する法律, "APPI"); where applicable to users outside Japan we additionally comply with the EU General Data Protection Regulation ("GDPR").
1. Who we are
- Personal information business operator
- Sisu Software OY — a limited company organised under the laws of the Republic of Finland.
- Representative
- Mikko Sysikaski
- Registered address
- Sorakatu 9 A 75, 20730 Turku, Finland
- Business registration number
- Y-tunnus 3602239-1 (Republic of Finland)
- Contact for privacy queries
- hello@tabitots.com
2. Information we collect
We collect only what we need to operate TabiTots safely. Categories include:
- Account information — your email address, display name, and language / region preferences. Provided when you create an account.
- Identity verification — a government-issued photo ID and a selfie that you submit through the app. These are reviewed by the TabiTots verification team, retained per section 6, and used to confirm your identity at sign-up and to enable the provider's visual identity confirmation at drop-off and pickup. We do not need, collect, or keep your My Number (マイナンバー / 個人番号). We accept the front of a My Number Card as photo ID, but never require the back, which shows the number. If a document you submit happens to show a My Number, our reviewers black it out and delete the unredacted original — we never store the number itself.
- Child information — for each child you register: display name, age, allergies, chronic conditions, current medications, dietary needs, an emergency contact, toilet-training status (for children under 4), and the languages your child speaks. Allergies, chronic conditions, current medications, and the vaccination attestation (below) are "sensitive personal information" (要配慮個人情報) under Japan's Act on the Protection of Personal Information; we obtain your explicit consent at the point of entry. Photographs of children are optional and not enabled by default.
- Child vaccination attestation — for each child you register, your self-attested answer to a single question ("Yes / Partial / No / Prefer not to say") confirming whether the child's routine vaccinations are up to date. Used at booking submission to gate bookings at providers that require vaccinated children. Sensitive personal information (要配慮個人情報).
- Designated carer information — for each adult you designate as a possible drop-off or pickup person: their relationship to the child, and their TabiTots verification status (ID + selfie submitted on the same basis as above).
- Booking and payment records — the provider, date, time, child(ren), carer(s), and amount of each booking, including per-day status records for multi-day blocks. Card details are held by Stripe, not by us; we receive a payment-method reference only.
- Health re-confirmation and post-visit health log — your one-tap re-confirmation of the child's health-declaration fields at each booking, and the provider's brief post-visit note ("Picked up" / "Health" / "Operational" / "Other") that a provider may submit after pickup.
- Accommodation address — optional. If you choose to provide your accommodation address for a booking, we use it only for emergency outreach if you cannot be reached at pickup time; it is not shared with the provider.
- Referral and rewards information — if you take part in our optional referral and rewards program: the invitation/referral codes you share or claim, the link between a referrer and the friend who joined, reward tokens granted and how they are spent, and records of gifts you send or receive (including the amount of a paid gift and any short note you add). If you choose to join the optional public leaderboard, the nickname you pick for it. None of this includes card numbers.
- Messages with TabiTots — the content of messages exchanged with TabiTots.
- Parent–provider booking-thread messages — where a booking thread is available, the content of messages you exchange with the provider for that booking. We store and monitor these messages and automatically redact contact details, to keep the channel safe and policy-compliant. The thread is masked: neither side sees the other's phone, email, or contact details.
- Technical data — IP address, device type, operating system, app version, language setting, and crash / error logs collected automatically when you use the app or visit the website.
Where we collect sensitive personal information (要配慮個人情報), we present a clear summary of the use, link to this Privacy Policy, and obtain your explicit consent at the point of entry. You may withdraw consent at any time from the Account screen in the app or by emailing us, subject to the legal-retention rules in section 6.
3. How we use your information
We use the categories above for the following purposes only:
- To provide the booking service — matching you with eligible providers, holding seats, and confirming bookings.
- To verify identity at booking and at drop-off, so that providers can release your child only to an identity-verified adult.
- To process payments and remit the provider's share via Stripe Connect.
- To provide customer support and to mediate communication between you and the provider, including operating and monitoring the masked parent–provider booking thread.
- To operate the optional referral and rewards program — crediting rewards for genuine referrals, applying discounts, processing gifts you send or receive, and detecting and preventing referral abuse (such as self-referral or fraudulent claims).
- To prevent fraud, abuse, and unsafe use of the service.
- To comply with legal obligations under Japanese law, including consumer protection and tax record-keeping.
- To improve the service through aggregate, anonymised analytics. We use Plausible — a privacy-focused analytics tool that does not set advertising cookies and does not track users across sites.
- To monitor health-and-safety patterns (drop-off refusals, post-visit health logs, capture failures) and to operate the account-flag mechanism described in our Terms of Service.
- To coordinate with provider staff on their mandatory-reporter obligations under Japanese child-protection law (児童虐待防止法; see section 4).
- To escalate to your registered emergency contact, accommodation provider, or relevant authorities if you cannot be reached at pickup time and a safe handover cannot otherwise be completed.
We do not use personal information for advertising, profiling, automated decision-making with legal effect, or any purpose beyond those listed above without first obtaining your explicit consent.
4. How we share your information
We share personal information only with the parties below, and only to the minimum extent required.
- Stripe, Inc. and Stripe Japan — for payment processing. Stripe is a PCI-DSS-compliant payment provider; their handling of your card data is governed by Stripe's own privacy policy. (Identity verification is not handled by Stripe; please see section 2.)
- Google LLC (Firebase, Google Cloud) — for backend storage, authentication, hosting, and crash reporting. Data is stored in the Firebase asia-northeast1 (Tokyo) region for Firestore and Cloud Storage; Cloud Functions execute in us-central1 (Iowa, USA).
- The provider you book with — for confirmed bookings only, we share the parent's display name, the child's display name, age, allergies, chronic conditions, current medications, dietary needs, vaccination attestation, any severe-allergy flag, other special-needs flags, the names of any designated carers, and the drop-off / pickup details. At the time of drop-off and pickup we additionally surface the on-file verified photo and the carer's name to the provider via a single-use email link, so provider staff can visually confirm identity. We do not share the parent's email, phone number, accommodation address, payment details, full identity-verification record, or any information about bookings you did not make with that provider, except as otherwise set out in this Section 4 (notably the bullets covering Child Guidance Center reports and disclosure to government, regulatory, or judicial authorities) or where disclosure is necessary to address an imminent safety risk to a child or to respond to an insurance or safeguarding investigation.
- A friend you send a gift to — when you send a reward or buy a gift for someone, we show that recipient your display name and any short note you choose to write, so they know who the gift is from. We do not share your email, phone number, or any other contact details with them. If you join the optional public leaderboard, the nickname you choose is shown publicly there; your real name is not.
- Child Guidance Center (児童相談所) — where provider staff observe signs of abuse, neglect, or endangerment, they are mandatory reporters under Japan's Act on Prevention of Child Abuse (児童虐待防止法) and will report directly to the local Child Guidance Center as required by law. TabiTots and partner providers may make such reports irrespective of any consent or confidentiality otherwise expected under these documents.
- Government, regulatory, or judicial authorities — only when required by law or by a binding court order, and only the minimum personal information necessary to satisfy the request. This includes the local police (生活安全課) where, having been unable to reach you, we initiate a welfare check at your accommodation per our Terms of Service.
We do not sell personal information to any third party. We do not share personal information with advertisers or data brokers.
5. Cross-border data transfers
TabiTots is operated by a Finnish company and uses cloud infrastructure provided by Stripe (United States) and Google (United States and Japan). Personal information you provide may therefore be transferred and stored outside Japan. Pursuant to APPI Article 28 we rely on (a) your consent obtained at account creation, and (b) our suppliers' adherence to data-protection standards equivalent to APPI — Stripe and Google are both certified under the EU–US Data Privacy Framework and comply with GDPR, which exceeds APPI's substantive requirements.
6. How long we keep your information
We keep different categories of information for different periods, depending on the legal basis for retention and the operational need.
- Account information — for as long as your account is active. If you delete your account, identifiable account information is removed within 30 days, except where retention is required by law (see the rows below).
- Booking records (booking metadata: dates, provider, parties, prices) — 7 years from the booking date, as required by Japan's Corporation Tax Act (税法) and consumer-protection record-keeping standards.
- Payment records (Stripe charge IDs, payout amounts) — 7 years, on the same basis.
- Identity verification documents (ID photo, selfie) — deleted when you close your account.
- Child profile data (name, date of birth, health declarations) — 1 year after the child's last booking; wiped immediately on parent request.
- Health declarations and re-confirmations — 1 year after the booking to which they applied, for post-incident review.
- Refused-booking records (drop-off refusal logs and reasons — health-based and behavioural) — 1 year, aligned with the account-flag lapse window in our Terms of Service section 11.
- Drop-off / pickup audit trail (timestamps, provider confirmations, identity-match results) — 3 years, for incident investigation.
- Chargeback evidence — 3 years after the dispute resolves, covering Stripe's dispute window and tail risk.
- Post-visit health logs — 1 year, for incident review.
- Referral and reward records (referral links, token grants and spend, gift transactions) — where a record relates to a payment (such as a paid gift or a discount applied to a booking) it is kept for 7 years with the related booking and payment records; other reward records are kept while your account is active and removed when you delete it. An opt-in leaderboard nickname is kept only while you remain opted in.
- Message-thread content — 3 years, for support quality and dispute reference, then deleted.
- Parent–provider booking-thread messages — 3 years, for safety, support quality, and dispute reference, then deleted.
- Anonymous analytics — retained indefinitely in aggregate form, with no individual identifier.
When you delete your account: identifiable data (your name, contact information, profile photos, payment-method tokens) is wiped immediately; booking and payment records are pseudonymised (your identifying fields replaced with a hashed user ID) and retained for the remaining 7-year tax window; health declarations and audit trails are wiped immediately if past their 1-year or 3-year window, and otherwise pseudonymised; and your children's profile data is wiped immediately — children's data is treated more aggressively than your own, in line with Japanese and European sensitivity standards.
7. Your rights
Under APPI Articles 28–32 (and where applicable, GDPR Articles 15–22) you have the following rights with respect to your personal information:
- Access — request a copy of the personal information we hold about you.
- Correction — request that we correct inaccurate information.
- Deletion — request that we delete your personal information, subject to the retention obligations in section 6.
- Suspension of use — request that we stop using your personal information for specific purposes.
- Disclosure of third-party recipients — request a list of the third parties to whom your information has been disclosed.
To exercise any of these rights, email hello@tabitots.com. We respond within 30 days. There is no fee for exercising your rights. Requests concerning your children's data are honoured more aggressively than requests concerning your own — see section 6.
8. Children's privacy
TabiTots is used by parents and legal guardians to book childcare for their children. Children do not use the service directly and do not create accounts. A parent who registers a child on their account is acting as the child's legal data subject under APPI Article 17; by adding a child you confirm that you have the legal authority to do so and that you consent to the processing of that child's information for the purposes set out in section 3. Because much of the child information we collect is "sensitive personal information" (要配慮個人情報) under Japanese law, we obtain your explicit consent at each save or submission of these fields, summarising the use in plain language and linking to this Privacy Policy at the point of entry (see section 2). On your request, your children's profile data is wiped immediately, ahead of the retention windows that apply to other categories of data — see section 6.
9. Cookies and similar technologies
The TabiTots website uses one functional cookie (tabitots_locale) to remember your language preference. The website uses Plausible analytics, which does not set cookies and does not track users across other websites. We do not use third-party advertising cookies or cross-site tracking pixels.
10. Security
We protect your personal information with industry-standard safeguards: encryption in transit (TLS) for all client-server communication; encryption at rest for stored data via Firebase / Cloud Storage in the asia-northeast1 (Tokyo) region; least-privilege access controls; and Stripe's PCI-DSS-compliant processing for all card data. Card numbers and CVVs are never stored on our servers. Identity verification documents (ID photo, selfie) are stored in encrypted Firebase Cloud Storage, accessible only to TabiTots verification staff, retained per section 6, and never disclosed to any third party except as set out in section 4.
11. Changes to this policy
We may update this Privacy Policy from time to time. The current version is always available at this URL. Material changes — for example, a change in the categories of data we collect, or in the third parties with whom we share data — will be notified to active account holders by email and surfaced in the app prior to taking effect.
12. Contact
For any question about this Privacy Policy or about how we handle your personal information, email hello@tabitots.com. Email is our preferred channel; we do not handle privacy queries by phone.
This policy is published in English and Japanese. Both versions are equally authentic, and neither prevails over the other in case of inconsistency.